Prisma Cloud has fully adopted Microsoft Authentication Library (MSAL) for monitoring Azure instances. However, in very rare cases, you might come across log entries for calls from Prisma Cloud to Active Directory Authentication Library (ADAL) endpoints. These entries can be disregarded. A fix will be implemented to resolve these erroneous entries.

The behavior of filters on the

Alerts Overview

page is slightly different from that on the

Asset Inventory

and

Asset Explorer

pages. On the

Alerts Overview

page when you select the

Asset Class

,

Resource Type

, and

Service Name

filters, the alerts displayed are a combination of those three selected filters. Whereas on the

Asset Inventory

and

Asset Explorer

pages, the preference is given to

Resource Type

over

Service Name

when both those filters are selected due to which the assets for which alerts are displayed on the

Asset Inventory

and

Asset Explorer

pages do not match those displayed on the

Alerts Overview

page.

The AWS Global Accelerator service returns an Access Denied error with the error assumed-role/PrismaCloudReadOnlyRole/redlock is not authorized to perform: iam:CreateServiceLinkedRole on resource. The issue occurs because the

aws-global-accelerator-accelerator

API requires you to enable the service-linked IAM role to ingest metadata. To resolve the error, add the role to include the required permissions.

Workaround

: If you do not want to enable the service-linked role, create a support ticket with Palo Alto Networks Technical Support to disable the AWS Global Accelerator service API.

In Unified Asset Inventory, Compute alerts are not displayed in the Resource Explorer audit trail.

The list of alert counts that correspond to a policy are inaccurate when you select more than one alert rule name. This issue is seen on:

PCDS Azure only—

If you have enabled public access from selected IP addresses on storage account with Prisma Cloud NAT IPs and Azure outbound IPs added to the allow list, ingestion fails with 403 error (permission denied).

PCDS Azure only—

The

Inventory

page may display 400 error if data is not available.

PCDS Azure only—

During onboarding when you enter the

Client ID

and

Secret

, if the Secret exceeds the specified length, a bad request error displays.

In Unified Asset Inventory, only System Administrators can view the Compute assets and not other users. Compute alerts will not be accessible on Alerts pages for all users except System Administrators.

When integrating Prisma Cloud with Jira, if the Jira

issueType

field uses space as a separator between the words, such as

Service Request

or

New Feature

, a 500 Internal Server error occurs while configuring Typeahead fields such as Reporter or Assignee, in a Notification Template. You will be unable to create a Notification Template for Jira with the Typeahead fields.

Workaround

: Rename the field to remove the space or add an underscore. For example,

ServiceRequest

or

New_Feature

. You can then add Typeahead fields in a Notification Template.

If you have configured multiple flow logs for a VPC and if any of the flow logs are incorrectly configured, the flow log status on Prisma Cloud is reported as a warning (Amber). This status does not impact ingestion for all the correctly configured flow logs.

The resource name displayed on the Alerts L2 page does not match the name displayed for the same resource on the Asset Explorer page.

Prisma Cloud may not process some of the delete bucket events, due to which the buckets that you have deleted in the AWS console will be visible in the Prisma Cloud

Inventory

page.

When changing the

Maximum time before access keys expire

value for access keys, it may take up to 15 minutes for the updates to take effect.

When you create an alert rule and specify target resource tags, Prisma Cloud processes only a single resource tag key/value pair properly. Proper processing of multiple resource tags or resource tags with multiple values is not guaranteed. This behavior exists whether you create the alert rule through the Prisma Cloud console or through the CSPM API.

Malware report is not available in PDF format.

Applies to Prisma Cloud Data Security only

The Dashboard displays an error when you select an account group that does not contain any accounts.

The Business Unit Report does not support multi-byte characters used in languages such as Japanese.

The Business Unit Report csv file lists all enabled policies even when there are no open alerts, because there are no resources to scan.

When you enable Dataflow compression for a cloud account, the subnetwork creation status may display a failure message on the onboarding status page. This error displays because the time threshold to create the subnetwork and report completion exceeds the response time threshold on Prisma Cloud.

Workaround—

Click to the previous page and click next to load the status page again.

If you have the maximum number of VPCs (5) already created in the project and you then enable flowlog compression, the onboarding fails because Prisma Cloud is unable to add the network needed to enable Dataflow compression. When this happens the remediation steps in the message that displays is incorrect.

The integration status check for Jira displays as yellow instead of red even if the integration is misconfigured.

Dashboard widgets don’t load for a large data set where the time window is also large.

The

aws-ecs-describe-task-definition

and

aws-emr-describe-cluster

APIs now run once every 24 hours to generate alerts. If you have cloud accounts with a significant amount of ECS/EMR resources, the resource status is updated once a day.

The configuration build policies are displayed even if you have not enabled Code Security module.

Currently when you edit default policies in the Code Security module, the policy is duplicated with the updated metadata. Both the unedited policy and the edited policy are then visible on

Projects

when the

Status- Suppressed

(for the original policy) and

Errors

(for the edited policy) are enabled.

AWS CloudTrail in the Osaka region (ap-northeast-3) do not display on the Prisma Cloud administrative console.

This issue requires a fix on AWS. When fixed on AWS, the issue will be automatically resolved on Prisma Cloud.